GDPR Compliance

Our commitment to protecting your data in accordance with the General Data Protection Regulation.

Last updated: 21 April 2026

Our commitment

NerionSoft is fully committed to complying with the GDPR (EU Regulation 2016/679). We process your personal data with transparency, security and in strict respect of your rights.

This page details the principles guiding our processing activities, the legal bases on which they rest, and the rights you may exercise.

Data controller

Identity

NerionSoft SAS, represented by Romain Blanchot, is the data controller for personal data collected on nerionsoft.com and in the course of its services.

Registered office

60 rue de Seine, 75006 Paris, France.

DPO contact

You can contact our Data Protection Officer at: romain.blanchot@nerionsoft.com

Legal bases for processing

We base our processing activities on the following legal grounds:

Performance of a contract

Invoicing, delivery of services, customer support.

Legitimate interest

Targeted B2B prospecting, improvement of our products and services.

Explicit consent

Newsletter, non-essential cookies, marketing communications.

Legal obligation

Accounting, anti-money laundering, responding to authority requests.

Your GDPR rights

You have all the rights provided for under the GDPR. To exercise them, contact us at romain.blanchot@nerionsoft.com. We respond within 30 days at most.

Right of access

Obtain confirmation that we process your data and receive a copy of it.

Right to rectification

Have inaccurate or incomplete data corrected.

Right to erasure

Request the deletion of your data under certain conditions.

Right to data portability

Retrieve your data in a structured and commonly used format (JSON/CSV).

Right to object

Object to processing based on our legitimate interest.

Right to restriction

Restrict the processing of your data in certain situations.

Retention periods

We retain your data only for the period strictly necessary for the purposes pursued:

Prospects: 3 years from the last contact

Clients: full duration of the contract + 5 years

Accounting and invoicing: 10 years (legal obligation)

Newsletter: until unsubscription

Technical logs: 12 months maximum

Transfers outside the EU

Our data is hosted within the European Union (Frankfurt, Paris). When a sub-processor operates outside the EU (e.g. Stripe), the transfer is governed by the Standard Contractual Clauses approved by the European Commission.

The full list of our sub-processors and the associated safeguards is available upon request.

Security and data breaches

Technical measures

TLS 1.3 encryption in transit and AES-256 at rest, multi-factor authentication on sensitive access points, continuous monitoring and regular audits.

Breach notification

In the event of a data breach likely to create a risk to your rights, we commit to notifying the relevant supervisory authority within 72 hours and informing you as soon as possible.

Complaint to the supervisory authority

If you believe that the processing of your data does not comply with the GDPR, you may lodge a complaint with the competent supervisory authority in your country of residence.

In France: www.cnil.fr, 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07.

Additional documentation

Our processing register and our DPA (Data Processing Agreement) are available on request for any client or prospect.

DPO contact

To exercise your rights or for any question about the processing of your data, please contact our Data Protection Officer. We respond within 30 days at most.

romain.blanchot@nerionsoft.com

Back to home

Une newsletter qui fait gagner du temps

Chaque vendredi, une idée concrète pour optimiser votre site, vos process ou vos automatisations. Sans spam, désinscription en un clic.